[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CVE Advancements

Then that is two meetings -- one CVE-specific, and one more generally
for the topic area, if people want that.


> On Jan 5, 2016, at 4:47 PM, Landfield, Kent B <kent.b.landfield@intel.com> wrote:
>
> As long as the focus would be discussing and deciding CVE related issues
> and talking about the path forward for CVE Š.  That was the real purpose
> of my suggestion.  We need to address the short term problems while
> planning for the long term future of CVE on a larger scale.  I'd also like
> to have this be restricted to the Editorial Board since they are the ones
> highly familiar with the existing problems and the requisite history.
> Definitely don¹t want outsiders that needs educating. That cuts into the
> time for discussions and solution development.
> ---
> Kent Landfield
> +1.817.637.8026
>
>
>
>
> On 1/5/16, 3:34 PM, "Eugene H. Spafford"
> <owner-cve-editorial-board-list@lists.mitre.org on behalf of
> gene.spafford@gmail.com> wrote:
>
>> Let me note, from a historical perspective, that CERIAS hosted a workshop
>> on vulnerability databases here in January 1999.  The MITRE folks
>> presented at that workshop, and decided to make their efforts public as a
>> result.  The CVE was ³born² in a sense as a result of that meeting,
>> although much of the work had been done prior.
>> See
>> http://www.ieee-security.org/Cipher/ConfReports/1999/CR1999-WVDB99.html
>>
>> (I helped organize the first workshop, too, at NIST, as I recall.  It
>> wasn't as well attended.)
>>
>> It might be worthwhile to have a follow-up workshop for not only the CVE,
>> but some of the other players in the arena.  We could piggyback it on our
>> annual symposium here, in April, which might make it even more of
>> interest for some people to attend.
>>
>> However, if I were to do that, I¹d want some definite buy-in from people,
>> including some who would help with planning.  This is not necessarily the
>> same as a CVE editorial board meeting, which could be done in conjunction
>> or separately with a workshop.
>>
>> spaf
>

smime.p7s

Page Last Updated or Reviewed: January 07, 2016